VMware Fights Android BYOD Headaches

VMware's BYOD ambitions kick into gear through its partnership with Verizon. But is the virtualization heavyweight making its mobile management play too late?

10 Top Password Managers

(click image for slideshow)

VMware announced Wednesday the availability of its Horizon Mobile product for certain Android-based Verizon smartphones. The technology establishes a second instance of Google's mobile OS on a compatible device, allowing employees to keep their personal content separate from an IT-controlled workspace.

Such partitions have been considered an ideal ever since workers began bringing their own smartphones into the office, but with many vendors already touting similar technologies of their own, it's not certain that VMware will gain traction in the crowded mobile enterprise management market.

VMware Horizon Mobile is available immediately for the LG Intuition and the Motorola RAZR M. New units will come ready to deploy the Android guest OS, but users who have previously purchased either phone can gain access as well. VMware plans to add support for additional models throughout the year.

IT managers once enjoyed uniform device deployments in which all employees were issued a pre-approved, easily managed device, such as a BlackBerry smartphone. As the bring-your-own device (BYOD) movement flooded the workplace with user-owned iPhones and Android models, however, IT staffers have been challenged to keep the devices secure while also respecting privacy concerns. Due to this tension, analysts have characterized the ability to isolate business data from personal data as the "holy grail" of mobile endpoint management.

The same is true at businesses that have eschewed BYOD for the corporate-owned, personally enabled (COPE) model, in which the company owns devices but allows employees to choose from a variety of options. Because smartphones have become so capable, many users use them for personal tasks, even when their employers own the devices. A division between work data and personal tasks allows companies to embrace this user tendency without putting corporate intellectual property at risk.

By building its work-focused space around a guest OS, Horizon Mobile gives IT staffers particularly granular controls. Administrators can set passwords, push applications to devices or approve them for download from a corporate app catalog, enforce VPN requirements, remotely wipe data, and more -- all without affecting the user-dedicated portion of the device. It also boasts a secure browser and AES-256 encryption.

It's worth noting that Horizon Mobile's implementation is somewhat different than other virtualization-based mobile security techniques. Thin clients are often praised for their security because they don't actually store data locally; whatever the user is working on essentially disappears once a session has been terminated. Horizon Mobile, in contrast, stores the second OS locally and uses a Type 2 hypervisor to run the second instance.

As IT has been forced to wrangle an increasingly diverse spate of devices, vendors have stepped in to help, and many mobile management features -- such as remote wipe capabilities -- have become more or less commoditized. BlackBerry, AT&T, AirWatch, MobileIron and others all have technologies, for example, that separate personal content from work content.

Despite the ubiquity of certain features, Jaleh Rezaei, director of product marketing for Horizon, said that VMware's approach is still distinct because it relies on virtualization. In an interview, she said most other approaches involve containerization processes, which require modification to individual apps. Because Horizon Mobile hosts corporate content in a complete OS, this extra step is unnecessary. Similarly, Rezaei said that because admins have access to an OS, rather than to just an app, they can control the workspace more tightly.

She also noted that Horizon Mobile could solve the problem of Android fragmentation. Many versions of Android are actively in use, making it difficult for IT admins to uniformly control the numerous variants that might be accessing their networks. Rezaei said that by orienting corporate activity around a standardized guest OS, VMware avoids this trouble.

VMware Horizon Mobile is available immediately with perpetual licensing starting at $125 per user.

A nice portrayal, Michael, of the configuration of the business/personal smartphone in the BYOD debate. Containerization has its management drawbacks but uses little memory. VMware/Horizon Mobile approach has management advantages but uses more memory to mount the second operating system for the virtual machine. I don't know for sure what the penalty is and maybe they've found a way to minimize it. But there is one, and memory is limited resource on the handheld device..Charlie Babcock, InformationWeek senior writer.

Published: 2015-03-03Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

Published: 2015-03-03** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none.

How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.